From d96d0f865934a524cab89bc70d07494017a1a46a Mon Sep 17 00:00:00 2001 From: YuChen Date: Sat, 1 Feb 2025 15:55:50 -0800 Subject: [PATCH 1/5] restructure Helm chart output directories Signed-off-by: YuChen --- Makefile | 6 +- .../ibm-common-service-operator.config | 39 +++++++ helm-cluster-scoped/Chart.yaml | 24 +++- helm-cluster-scoped/templates/_helpers.tpl | 62 ++++++++++ .../templates/cluster-rbac.yaml | 104 +++++++++++++++++ .../templates/cluster-webhook.yaml | 0 .../templates/{crd.yaml => crds.yaml} | 0 helm-cluster-scoped/values.yaml | 30 +++-- helm/Chart.yaml | 24 +++- helm/templates/_helpers.tpl | 62 ++++++++++ helm/templates/operator-deployment.yaml | 14 +-- helm/templates/rbac.yaml | 109 ++---------------- helm/values.yaml | 30 +++-- scripts/restructure_helm.sh | 78 +++++++++++++ 14 files changed, 447 insertions(+), 135 deletions(-) create mode 100644 generate-helm/ibm-common-service-operator.config create mode 100644 helm-cluster-scoped/templates/_helpers.tpl delete mode 100644 helm-cluster-scoped/templates/cluster-webhook.yaml rename helm-cluster-scoped/templates/{crd.yaml => crds.yaml} (100%) mode change 100644 => 100755 create mode 100644 helm/templates/_helpers.tpl create mode 100755 scripts/restructure_helm.sh diff --git a/Makefile b/Makefile index 6e4ff2a3b..a94ca9231 100644 --- a/Makefile +++ b/Makefile @@ -255,8 +255,10 @@ deploy-dryrun: manifests kustomize ## Deploy controller to the K8s cluster speci .PHONY: helm helm: deploy-dryrun kustohelmize - $(KUSTOHELMIZE) create --from=config/ibm-common-service-operator.yaml helm/ibm-common-service-operator - helm lint helm/ibm-common-service-operator + $(KUSTOHELMIZE) create --from=config/ibm-common-service-operator.yaml generate-helm/ibm-common-service-operator + helm lint generate-helm/ibm-common-service-operator + bash scripts/restructure_helm.sh + helm lint helm KUBERNETES-SPLIT-YAML ?= $(LOCALBIN)/kubernetes-split-yaml KUSTOHELMIZE ?= $(LOCALBIN)/kustohelmize diff --git a/generate-helm/ibm-common-service-operator.config b/generate-helm/ibm-common-service-operator.config new file mode 100644 index 000000000..6af8a4139 --- /dev/null +++ b/generate-helm/ibm-common-service-operator.config @@ -0,0 +1,39 @@ +logger: {} +chartname: ibm-common-service-operator +sharedValues: + operatorNamespace: operator-ns + affinity: {} + nodeSelector: {} + podSecurityContext: {} + resources: {} + securityContext: {} + tolerations: {} +globalConfig: + metadata.labels: + - strategy: newline + key: ibm-common-service-operator.labels + metadata.name: + - strategy: inline + key: ibm-common-service-operator.fullname + metadata.namespace: + - strategy: inline + key: sharedValues.operatorNamespace +fileConfig: + generate-helm/ibm-common-service-operator-generated/commonservices.operator.ibm.com-crd.yaml: {} + generate-helm/ibm-common-service-operator-generated/ibm-common-service-operator-cr.yaml: {} + generate-helm/ibm-common-service-operator-generated/ibm-common-service-operator-crb.yaml: + subjects[0].namespace: + - strategy: inline + key: sharedValues.operatorNamespace + generate-helm/ibm-common-service-operator-generated/ibm-common-service-operator-deployment.yaml: {} + generate-helm/ibm-common-service-operator-generated/ibm-common-service-operator-rb.yaml: + subjects[0].namespace: + - strategy: inline + key: sharedValues.operatorNamespace + generate-helm/ibm-common-service-operator-generated/ibm-common-service-operator-role.yaml: {} + generate-helm/ibm-common-service-operator-generated/ibm-common-service-operator-sa.yaml: {} + generate-helm/ibm-common-service-operator-generated/mutating-webhook-configuration-mutatingwebhookconfiguration.yaml: {} + generate-helm/ibm-common-service-operator-generated/selfsigned-issuer-issuer.yaml: {} + generate-helm/ibm-common-service-operator-generated/serving-cert-certificate.yaml: {} + generate-helm/ibm-common-service-operator-generated/validating-webhook-configuration-validatingwebhookconfiguration.yaml: {} + generate-helm/ibm-common-service-operator-generated/webhook-service-svc.yaml: {} diff --git a/helm-cluster-scoped/Chart.yaml b/helm-cluster-scoped/Chart.yaml index be7eb1986..7917fee82 100644 --- a/helm-cluster-scoped/Chart.yaml +++ b/helm-cluster-scoped/Chart.yaml @@ -1,6 +1,24 @@ apiVersion: v2 name: ibm-common-service-operator -description: A Helm chart for ibm-common-service-operator +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. type: application -version: 4.6.11 -appVersion: 4.6.11 \ No newline at end of file + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/helm-cluster-scoped/templates/_helpers.tpl b/helm-cluster-scoped/templates/_helpers.tpl new file mode 100644 index 000000000..e234b4519 --- /dev/null +++ b/helm-cluster-scoped/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "ibm-common-service-operator.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "ibm-common-service-operator.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "ibm-common-service-operator.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "ibm-common-service-operator.labels" -}} +helm.sh/chart: {{ include "ibm-common-service-operator.chart" . }} +{{ include "ibm-common-service-operator.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "ibm-common-service-operator.selectorLabels" -}} +app.kubernetes.io/name: {{ include "ibm-common-service-operator.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "ibm-common-service-operator.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "ibm-common-service-operator.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/helm-cluster-scoped/templates/cluster-rbac.yaml b/helm-cluster-scoped/templates/cluster-rbac.yaml index e69de29bb..0b65c0b60 100644 --- a/helm-cluster-scoped/templates/cluster-rbac.yaml +++ b/helm-cluster-scoped/templates/cluster-rbac.yaml @@ -0,0 +1,104 @@ +# Generated by [Kustohelmize](https://github.com/yeahdongcn/kustohelmize) +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "ibm-common-service-operator.fullname" . }} + labels: + {{- include "ibm-common-service-operator.labels" . | nindent 4 }} +roleRef: + kind: ClusterRole + apiGroup: rbac.authorization.k8s.io + name: ibm-common-service-operator +subjects: + - kind: ServiceAccount + name: ibm-common-service-operator + namespace: {{ .Values.operatorNamespace }} + +--- +# Generated by [Kustohelmize](https://github.com/yeahdongcn/kustohelmize) +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "ibm-common-service-operator.fullname" . }} +rules: + - apiGroups: + - "" + resourceNames: + - common-service-maps + resources: + - configmaps + verbs: + - delete + - update + - apiGroups: + - "" + resourceNames: + - cloud-native-postgresql-image-list + resources: + - configmaps + verbs: + - delete + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - get + - list + - watch + - update + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch + - apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - config.openshift.io + resources: + - infrastructures + verbs: + - get + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + +--- +# Generated by [Kustohelmize](https://github.com/yeahdongcn/kustohelmize) +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "ibm-common-service-operator.fullname" . }} + namespace: {{ .Values.operatorNamespace }} diff --git a/helm-cluster-scoped/templates/cluster-webhook.yaml b/helm-cluster-scoped/templates/cluster-webhook.yaml deleted file mode 100644 index e69de29bb..000000000 diff --git a/helm-cluster-scoped/templates/crd.yaml b/helm-cluster-scoped/templates/crds.yaml old mode 100644 new mode 100755 similarity index 100% rename from helm-cluster-scoped/templates/crd.yaml rename to helm-cluster-scoped/templates/crds.yaml diff --git a/helm-cluster-scoped/values.yaml b/helm-cluster-scoped/values.yaml index e9903e51b..ed5131782 100644 --- a/helm-cluster-scoped/values.yaml +++ b/helm-cluster-scoped/values.yaml @@ -1,12 +1,22 @@ -imagePullPrefix: icr.io -imagePullSecret: ibm-entitlement-key +# Generated by [Kustohelmize](https://github.com/yeahdongcn/kustohelmize) +affinity: {} +nodeSelector: {} +operatorNamespace: operator-ns +podSecurityContext: {} +resources: {} +securityContext: {} +tolerations: {} -# Note there are no leading or trailing /'s -imageRegistryNamespaceOperator: cpopen -imageRegistryNamespaceOperand: cpopen/cpfs +commonservicesOperatorIbmComCrd: {} +ibmCommonServiceOperatorCr: {} +ibmCommonServiceOperatorCrb: {} +ibmCommonServiceOperatorDeployment: {} +ibmCommonServiceOperatorRb: {} +ibmCommonServiceOperatorRole: {} +ibmCommonServiceOperatorSa: {} +mutatingWebhookConfigurationMutatingwebhookconfiguration: {} +selfsignedIssuerIssuer: {} +servingCertCertificate: {} +validatingWebhookConfigurationValidatingwebhookconfiguration: {} +webhookServiceSvc: {} -# other configuration you think you might need for your operator -# following are examples, not required: -operatorNamespace: ibm-common-services -servicesNamespace: service -operatorImage: ibm-common-service-operator \ No newline at end of file diff --git a/helm/Chart.yaml b/helm/Chart.yaml index be7eb1986..7917fee82 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml @@ -1,6 +1,24 @@ apiVersion: v2 name: ibm-common-service-operator -description: A Helm chart for ibm-common-service-operator +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. type: application -version: 4.6.11 -appVersion: 4.6.11 \ No newline at end of file + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl new file mode 100644 index 000000000..e234b4519 --- /dev/null +++ b/helm/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "ibm-common-service-operator.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "ibm-common-service-operator.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "ibm-common-service-operator.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "ibm-common-service-operator.labels" -}} +helm.sh/chart: {{ include "ibm-common-service-operator.chart" . }} +{{ include "ibm-common-service-operator.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "ibm-common-service-operator.selectorLabels" -}} +app.kubernetes.io/name: {{ include "ibm-common-service-operator.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "ibm-common-service-operator.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "ibm-common-service-operator.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/helm/templates/operator-deployment.yaml b/helm/templates/operator-deployment.yaml index c6d5375c5..aec7a4ce8 100644 --- a/helm/templates/operator-deployment.yaml +++ b/helm/templates/operator-deployment.yaml @@ -1,8 +1,11 @@ +# Generated by [Kustohelmize](https://github.com/yeahdongcn/kustohelmize) apiVersion: apps/v1 kind: Deployment metadata: - name: ibm-common-service-operator + name: {{ include "ibm-common-service-operator.fullname" . }} namespace: {{ .Values.operatorNamespace }} + labels: + {{- include "ibm-common-service-operator.labels" . | nindent 4 }} spec: replicas: 1 selector: @@ -21,7 +24,6 @@ spec: app.kubernetes.io/managed-by: ibm-common-service-operator app.kubernetes.io/name: ibm-common-service-operator name: ibm-common-service-operator - intent: protected productName: IBM_Cloud_Platform_Common_Services spec: affinity: @@ -37,7 +39,7 @@ spec: - s390x containers: - name: ibm-common-service-operator - image: {{ .Values.imagePullPrefix}}/{{ .Values.imageRegistryNamespaceOperator}}/{{ .Values.operatorImage }}:latest + image: icr.io/cpopen/common-service-operator:latest command: - /manager env: @@ -47,8 +49,8 @@ spec: apiVersion: v1 fieldPath: metadata.namespace - name: WATCH_NAMESPACE - valueFrom: - configMapKeyRef: + valueFrom: + configMapKeyRef: key: namespaces name: namespace-scope optional: true @@ -93,7 +95,5 @@ spec: runAsNonRoot: true seccompProfile: type: RuntimeDefault - imagePullSecrets: - - name: {{ .Values.imagePullSecret }} serviceAccountName: ibm-common-service-operator terminationGracePeriodSeconds: 10 diff --git a/helm/templates/rbac.yaml b/helm/templates/rbac.yaml index 24f1df360..0cc85f48b 100644 --- a/helm/templates/rbac.yaml +++ b/helm/templates/rbac.yaml @@ -2,8 +2,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: ibm-common-service-operator + name: {{ include "ibm-common-service-operator.fullname" . }} namespace: {{ .Values.operatorNamespace }} + labels: + {{- include "ibm-common-service-operator.labels" . | nindent 4 }} roleRef: kind: Role apiGroup: rbac.authorization.k8s.io @@ -12,12 +14,13 @@ subjects: - kind: ServiceAccount name: ibm-common-service-operator namespace: {{ .Values.operatorNamespace }} ---- +--- +# Generated by [Kustohelmize](https://github.com/yeahdongcn/kustohelmize) apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: ibm-common-service-operator + name: {{ include "ibm-common-service-operator.fullname" . }} namespace: {{ .Values.operatorNamespace }} rules: - apiGroups: @@ -205,103 +208,9 @@ rules: - watch --- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: ibm-common-service-operator -rules: - - apiGroups: - - "" - resourceNames: - - common-service-maps - resources: - - configmaps - verbs: - - delete - - update - - apiGroups: - - "" - resourceNames: - - cloud-native-postgresql-image-list - resources: - - configmaps - verbs: - - delete - - apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - get - - list - - watch - - update - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - watch - - apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - - validatingwebhookconfigurations - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - config.openshift.io - resources: - - infrastructures - verbs: - - get - - apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - clusterroles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: ibm-common-service-operator -roleRef: - kind: ClusterRole - apiGroup: rbac.authorization.k8s.io - name: ibm-common-service-operator -subjects: - - kind: ServiceAccount - name: ibm-common-service-operator - namespace: {{ .Values.operatorNamespace }} - ---- - +# Generated by [Kustohelmize](https://github.com/yeahdongcn/kustohelmize) apiVersion: v1 kind: ServiceAccount metadata: - name: ibm-common-service-operator - namespace: {{ .Values.operatorNamespace }} \ No newline at end of file + name: {{ include "ibm-common-service-operator.fullname" . }} + namespace: {{ .Values.operatorNamespace }} diff --git a/helm/values.yaml b/helm/values.yaml index 6cb4eb69c..ed5131782 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -1,12 +1,22 @@ -imagePullPrefix: icr.io -imagePullSecret: ibm-entitlement-key +# Generated by [Kustohelmize](https://github.com/yeahdongcn/kustohelmize) +affinity: {} +nodeSelector: {} +operatorNamespace: operator-ns +podSecurityContext: {} +resources: {} +securityContext: {} +tolerations: {} -# Note there are no leading or trailing /'s -imageRegistryNamespaceOperator: cpopen -imageRegistryNamespaceOperand: cpopen/cpfs +commonservicesOperatorIbmComCrd: {} +ibmCommonServiceOperatorCr: {} +ibmCommonServiceOperatorCrb: {} +ibmCommonServiceOperatorDeployment: {} +ibmCommonServiceOperatorRb: {} +ibmCommonServiceOperatorRole: {} +ibmCommonServiceOperatorSa: {} +mutatingWebhookConfigurationMutatingwebhookconfiguration: {} +selfsignedIssuerIssuer: {} +servingCertCertificate: {} +validatingWebhookConfigurationValidatingwebhookconfiguration: {} +webhookServiceSvc: {} -# other configuration you think you might need for your operator -# following are examples, not required: -operatorNamespace: operators -servicesNamespace: services -operatorImage: ibm-common-service-operator \ No newline at end of file diff --git a/scripts/restructure_helm.sh b/scripts/restructure_helm.sh new file mode 100755 index 000000000..388493b18 --- /dev/null +++ b/scripts/restructure_helm.sh @@ -0,0 +1,78 @@ +#!/bin/bash + +# Copyright 2025 IBM Corporation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -e + +# Define source paths +HELM_SRC_DIR="generate-helm/ibm-common-service-operator" +# CONFIG_SRC_DIR="generate-helm/ibm-common-service-operator-generated" + +# Define helm destination paths +HELM_DIR="helm" +CLUSTER_SCOPED_DIR="helm-cluster-scoped" + +# Ensure directories exist +mkdir -p $HELM_DIR/templates +mkdir -p $CLUSTER_SCOPED_DIR/templates + +# Function to merge YAML files with "---" separators +merge_yaml() { + local pattern=$1 + local output_file=$2 + echo "Merging files matching pattern: $pattern into $output_file" + + # Clear output file + > $output_file + local first_file=true + for file in $(grep -l "$pattern" $HELM_SRC_DIR/templates/*.yaml); do + if [ "$first_file" = false ]; then + echo -e "\n---" >> $output_file + fi + cat "$file" >> $output_file + first_file=false + done + + # Add service account to rbac.yaml or cluster-rbac.yaml + if [[ "$pattern" = "kind: Role" ]] || [[ "$pattern" = "kind: ClusterRole" ]]; then + echo -e "\n---" >> $output_file + cat $HELM_SRC_DIR/templates/ibm-common-service-operator-sa.yaml >> $output_file + fi +} + +# ----------------- Namespace-scoped resources ----------------- + +# Move and merge namespace-scoped resources +merge_yaml "kind: Role" "$HELM_DIR/templates/rbac.yaml" +merge_yaml "kind: Deployment" "$HELM_DIR/templates/operator-deployment.yaml" + +# ----------------- Cluster-scoped resources ----------------- + +# Move and merge cluster-scoped resources +merge_yaml "kind: ClusterRole" "$CLUSTER_SCOPED_DIR/templates/cluster-rbac.yaml" +cp $HELM_SRC_DIR/crds/* $CLUSTER_SCOPED_DIR/templates/crds.yaml + +# Todo: rest of resources + +# Copy Helm values, Chart.yaml and helper.tpl +for dir in $HELM_DIR $CLUSTER_SCOPED_DIR; do cp $HELM_SRC_DIR/{values.yaml,Chart.yaml} "$dir/"; done +for dir in $HELM_DIR $CLUSTER_SCOPED_DIR; do cp $HELM_SRC_DIR/templates/_helpers.tpl "$dir/templates/"; done + +# Remove generated ibm-common-service-operator and ibm-common-service-operator-generated directories +rm -rf generate-helm/ibm-common-service-operator +rm -rf generate-helm/ibm-common-service-operator-generated + +echo "Helm chart restructuring complete." + From aa4abe7ad45830a900a99ea2e2dac7a28c54f2b0 Mon Sep 17 00:00:00 2001 From: YuChen Date: Mon, 3 Feb 2025 07:49:15 -0800 Subject: [PATCH 2/5] enable image config into deployment templates Signed-off-by: YuChen --- config/ibm-common-service-operator.yaml | 1 + config/manager/manager.yaml | 1 + .../ibm-common-service-operator.config | 17 ++++++++++++++++- helm-cluster-scoped/values.yaml | 6 ++++++ helm/templates/operator-deployment.yaml | 3 ++- helm/values.yaml | 6 ++++++ scripts/restructure_helm.sh | 2 ++ 7 files changed, 34 insertions(+), 2 deletions(-) diff --git a/config/ibm-common-service-operator.yaml b/config/ibm-common-service-operator.yaml index aeb2ef544..dde028e55 100644 --- a/config/ibm-common-service-operator.yaml +++ b/config/ibm-common-service-operator.yaml @@ -696,6 +696,7 @@ spec: app.kubernetes.io/instance: ibm-common-service-operator app.kubernetes.io/managed-by: ibm-common-service-operator app.kubernetes.io/name: ibm-common-service-operator + intent: protected name: ibm-common-service-operator productName: IBM_Cloud_Platform_Common_Services spec: diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index eca1924f8..74321080c 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -23,6 +23,7 @@ spec: app.kubernetes.io/managed-by: "ibm-common-service-operator" app.kubernetes.io/name: "ibm-common-service-operator" productName: IBM_Cloud_Platform_Common_Services + intent: protected annotations: productName: "IBM Cloud Platform Common Services" productID: "068a62892a1e4db39641342e592daa25" diff --git a/generate-helm/ibm-common-service-operator.config b/generate-helm/ibm-common-service-operator.config index 6af8a4139..058a07683 100644 --- a/generate-helm/ibm-common-service-operator.config +++ b/generate-helm/ibm-common-service-operator.config @@ -1,7 +1,13 @@ logger: {} chartname: ibm-common-service-operator sharedValues: + imagePullPrefix: icr.io + imagePullSecret: ibm-entitlement-key + imageRegistryNamespaceOperator: cpopen + imageRegistryNamespaceOperand: cpopen/cpfs operatorNamespace: operator-ns + operatorImage: ibm-common-service-operator + tag: latest affinity: {} nodeSelector: {} podSecurityContext: {} @@ -25,7 +31,16 @@ fileConfig: subjects[0].namespace: - strategy: inline key: sharedValues.operatorNamespace - generate-helm/ibm-common-service-operator-generated/ibm-common-service-operator-deployment.yaml: {} + generate-helm/ibm-common-service-operator-generated/ibm-common-service-operator-deployment.yaml: + spec.template.spec.containers[0].image: + - strategy: inline + key: sharedValues.imagePullPrefix + - strategy: inline + key: sharedValues.imageRegistryNamespaceOperator + - strategy: inline + key: sharedValues.operatorImage + - strategy: inline + key: sharedValues.tag generate-helm/ibm-common-service-operator-generated/ibm-common-service-operator-rb.yaml: subjects[0].namespace: - strategy: inline diff --git a/helm-cluster-scoped/values.yaml b/helm-cluster-scoped/values.yaml index ed5131782..13e0c451d 100644 --- a/helm-cluster-scoped/values.yaml +++ b/helm-cluster-scoped/values.yaml @@ -1,10 +1,16 @@ # Generated by [Kustohelmize](https://github.com/yeahdongcn/kustohelmize) affinity: {} +imagePullPrefix: icr.io +imagePullSecret: ibm-entitlement-key +imageRegistryNamespaceOperand: cpopen/cpfs +imageRegistryNamespaceOperator: cpopen nodeSelector: {} +operatorImage: ibm-common-service-operator operatorNamespace: operator-ns podSecurityContext: {} resources: {} securityContext: {} +tag: latest tolerations: {} commonservicesOperatorIbmComCrd: {} diff --git a/helm/templates/operator-deployment.yaml b/helm/templates/operator-deployment.yaml index aec7a4ce8..5b26debac 100644 --- a/helm/templates/operator-deployment.yaml +++ b/helm/templates/operator-deployment.yaml @@ -23,6 +23,7 @@ spec: app.kubernetes.io/instance: ibm-common-service-operator app.kubernetes.io/managed-by: ibm-common-service-operator app.kubernetes.io/name: ibm-common-service-operator + intent: protected name: ibm-common-service-operator productName: IBM_Cloud_Platform_Common_Services spec: @@ -39,7 +40,7 @@ spec: - s390x containers: - name: ibm-common-service-operator - image: icr.io/cpopen/common-service-operator:latest + image: "{{ .Values.imagePullPrefix }}/{{ .Values.imageRegistryNamespaceOperator }}/{{ .Values.operatorImage }}:{{ .Values.tag }}" command: - /manager env: diff --git a/helm/values.yaml b/helm/values.yaml index ed5131782..13e0c451d 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -1,10 +1,16 @@ # Generated by [Kustohelmize](https://github.com/yeahdongcn/kustohelmize) affinity: {} +imagePullPrefix: icr.io +imagePullSecret: ibm-entitlement-key +imageRegistryNamespaceOperand: cpopen/cpfs +imageRegistryNamespaceOperator: cpopen nodeSelector: {} +operatorImage: ibm-common-service-operator operatorNamespace: operator-ns podSecurityContext: {} resources: {} securityContext: {} +tag: latest tolerations: {} commonservicesOperatorIbmComCrd: {} diff --git a/scripts/restructure_helm.sh b/scripts/restructure_helm.sh index 388493b18..cd137bd08 100755 --- a/scripts/restructure_helm.sh +++ b/scripts/restructure_helm.sh @@ -57,6 +57,7 @@ merge_yaml() { # Move and merge namespace-scoped resources merge_yaml "kind: Role" "$HELM_DIR/templates/rbac.yaml" merge_yaml "kind: Deployment" "$HELM_DIR/templates/operator-deployment.yaml" +sed -i 's/{{ .Values.imagePullPrefix }}:{{ .Values.imageRegistryNamespaceOperator }}:{{ .Values.operatorImage }}:{{ .Values.tag }}/{{ .Values.imagePullPrefix }}\/{{ .Values.imageRegistryNamespaceOperator }}\/{{ .Values.operatorImage }}:{{ .Values.tag }}/g' $HELM_DIR/templates/operator-deployment.yaml # ----------------- Cluster-scoped resources ----------------- @@ -67,6 +68,7 @@ cp $HELM_SRC_DIR/crds/* $CLUSTER_SCOPED_DIR/templates/crds.yaml # Todo: rest of resources # Copy Helm values, Chart.yaml and helper.tpl +#sed -i -e "s/^version:.*/version: $CHART_VERSION/" -e "s/^appVersion:.*/appVersion: $CHART_VERSION/" $HELM_DIR/Chart.yaml for dir in $HELM_DIR $CLUSTER_SCOPED_DIR; do cp $HELM_SRC_DIR/{values.yaml,Chart.yaml} "$dir/"; done for dir in $HELM_DIR $CLUSTER_SCOPED_DIR; do cp $HELM_SRC_DIR/templates/_helpers.tpl "$dir/templates/"; done From c58d0d3818150c1559481441df3c809e307a7ba4 Mon Sep 17 00:00:00 2001 From: YuChen Date: Mon, 3 Feb 2025 08:01:53 -0800 Subject: [PATCH 3/5] Config cs version in helm chart.yaml Signed-off-by: YuChen --- Makefile | 3 ++- helm-cluster-scoped/Chart.yaml | 6 +++--- helm/Chart.yaml | 6 +++--- scripts/restructure_helm.sh | 1 - 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Makefile b/Makefile index a94ca9231..d91b4180d 100644 --- a/Makefile +++ b/Makefile @@ -38,6 +38,7 @@ VERSION ?= $(shell git describe --exact-match 2> /dev/null || \ RELEASE_VERSION ?= $(shell cat ./version/version.go | grep "Version =" | awk '{ print $$3}' | tr -d '"') PREVIOUS_VERSION := 3.23.0 LATEST_VERSION ?= latest +DESCRIPTION ?= "A Helm chart for the IBM Common Service Operator" LOCAL_OS := $(shell uname) ifeq ($(LOCAL_OS),Linux) @@ -255,7 +256,7 @@ deploy-dryrun: manifests kustomize ## Deploy controller to the K8s cluster speci .PHONY: helm helm: deploy-dryrun kustohelmize - $(KUSTOHELMIZE) create --from=config/ibm-common-service-operator.yaml generate-helm/ibm-common-service-operator + $(KUSTOHELMIZE) create --from=config/ibm-common-service-operator.yaml generate-helm/ibm-common-service-operator --version=$(RELEASE_VERSION) --app-version=$(RELEASE_VERSION) --description=$(DESCRIPTION) helm lint generate-helm/ibm-common-service-operator bash scripts/restructure_helm.sh helm lint helm diff --git a/helm-cluster-scoped/Chart.yaml b/helm-cluster-scoped/Chart.yaml index 7917fee82..cdff13f51 100644 --- a/helm-cluster-scoped/Chart.yaml +++ b/helm-cluster-scoped/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: ibm-common-service-operator -description: A Helm chart for Kubernetes +description: A Helm chart for the IBM Common Service Operator # A chart can be either an 'application' or a 'library' chart. # @@ -15,10 +15,10 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 +version: 4.11.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "1.16.0" +appVersion: "4.11.0" diff --git a/helm/Chart.yaml b/helm/Chart.yaml index 7917fee82..cdff13f51 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: ibm-common-service-operator -description: A Helm chart for Kubernetes +description: A Helm chart for the IBM Common Service Operator # A chart can be either an 'application' or a 'library' chart. # @@ -15,10 +15,10 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 +version: 4.11.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "1.16.0" +appVersion: "4.11.0" diff --git a/scripts/restructure_helm.sh b/scripts/restructure_helm.sh index cd137bd08..bbd456487 100755 --- a/scripts/restructure_helm.sh +++ b/scripts/restructure_helm.sh @@ -68,7 +68,6 @@ cp $HELM_SRC_DIR/crds/* $CLUSTER_SCOPED_DIR/templates/crds.yaml # Todo: rest of resources # Copy Helm values, Chart.yaml and helper.tpl -#sed -i -e "s/^version:.*/version: $CHART_VERSION/" -e "s/^appVersion:.*/appVersion: $CHART_VERSION/" $HELM_DIR/Chart.yaml for dir in $HELM_DIR $CLUSTER_SCOPED_DIR; do cp $HELM_SRC_DIR/{values.yaml,Chart.yaml} "$dir/"; done for dir in $HELM_DIR $CLUSTER_SCOPED_DIR; do cp $HELM_SRC_DIR/templates/_helpers.tpl "$dir/templates/"; done From f1eb73330b974532c2b66252005e9298b97d3267 Mon Sep 17 00:00:00 2001 From: YuChen Date: Mon, 3 Feb 2025 08:09:29 -0800 Subject: [PATCH 4/5] removed extra comment Signed-off-by: YuChen --- .../ibm-common-service-operator.config | 20 +++++++------------ .../templates/cluster-rbac.yaml | 3 --- helm-cluster-scoped/values.yaml | 7 ------- helm/templates/operator-deployment.yaml | 1 - helm/templates/rbac.yaml | 3 --- helm/values.yaml | 7 ------- scripts/restructure_helm.sh | 3 +++ 7 files changed, 10 insertions(+), 34 deletions(-) diff --git a/generate-helm/ibm-common-service-operator.config b/generate-helm/ibm-common-service-operator.config index 058a07683..d2e6b5f09 100644 --- a/generate-helm/ibm-common-service-operator.config +++ b/generate-helm/ibm-common-service-operator.config @@ -3,17 +3,11 @@ chartname: ibm-common-service-operator sharedValues: imagePullPrefix: icr.io imagePullSecret: ibm-entitlement-key - imageRegistryNamespaceOperator: cpopen imageRegistryNamespaceOperand: cpopen/cpfs + imageRegistryNamespaceOperator: cpopen + operatorImage: ibm-common-service-operator operatorNamespace: operator-ns - operatorImage: ibm-common-service-operator tag: latest - affinity: {} - nodeSelector: {} - podSecurityContext: {} - resources: {} - securityContext: {} - tolerations: {} globalConfig: metadata.labels: - strategy: newline @@ -29,8 +23,8 @@ fileConfig: generate-helm/ibm-common-service-operator-generated/ibm-common-service-operator-cr.yaml: {} generate-helm/ibm-common-service-operator-generated/ibm-common-service-operator-crb.yaml: subjects[0].namespace: - - strategy: inline - key: sharedValues.operatorNamespace + - strategy: inline + key: sharedValues.operatorNamespace generate-helm/ibm-common-service-operator-generated/ibm-common-service-operator-deployment.yaml: spec.template.spec.containers[0].image: - strategy: inline @@ -41,10 +35,10 @@ fileConfig: key: sharedValues.operatorImage - strategy: inline key: sharedValues.tag - generate-helm/ibm-common-service-operator-generated/ibm-common-service-operator-rb.yaml: + generate-helm/ibm-common-service-operator-generated/ibm-common-service-operator-rb.yaml: subjects[0].namespace: - - strategy: inline - key: sharedValues.operatorNamespace + - strategy: inline + key: sharedValues.operatorNamespace generate-helm/ibm-common-service-operator-generated/ibm-common-service-operator-role.yaml: {} generate-helm/ibm-common-service-operator-generated/ibm-common-service-operator-sa.yaml: {} generate-helm/ibm-common-service-operator-generated/mutating-webhook-configuration-mutatingwebhookconfiguration.yaml: {} diff --git a/helm-cluster-scoped/templates/cluster-rbac.yaml b/helm-cluster-scoped/templates/cluster-rbac.yaml index 0b65c0b60..9b6556dc7 100644 --- a/helm-cluster-scoped/templates/cluster-rbac.yaml +++ b/helm-cluster-scoped/templates/cluster-rbac.yaml @@ -1,4 +1,3 @@ -# Generated by [Kustohelmize](https://github.com/yeahdongcn/kustohelmize) apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -15,7 +14,6 @@ subjects: namespace: {{ .Values.operatorNamespace }} --- -# Generated by [Kustohelmize](https://github.com/yeahdongcn/kustohelmize) apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -96,7 +94,6 @@ rules: - watch --- -# Generated by [Kustohelmize](https://github.com/yeahdongcn/kustohelmize) apiVersion: v1 kind: ServiceAccount metadata: diff --git a/helm-cluster-scoped/values.yaml b/helm-cluster-scoped/values.yaml index 13e0c451d..db20ad43c 100644 --- a/helm-cluster-scoped/values.yaml +++ b/helm-cluster-scoped/values.yaml @@ -1,17 +1,10 @@ -# Generated by [Kustohelmize](https://github.com/yeahdongcn/kustohelmize) -affinity: {} imagePullPrefix: icr.io imagePullSecret: ibm-entitlement-key imageRegistryNamespaceOperand: cpopen/cpfs imageRegistryNamespaceOperator: cpopen -nodeSelector: {} operatorImage: ibm-common-service-operator operatorNamespace: operator-ns -podSecurityContext: {} -resources: {} -securityContext: {} tag: latest -tolerations: {} commonservicesOperatorIbmComCrd: {} ibmCommonServiceOperatorCr: {} diff --git a/helm/templates/operator-deployment.yaml b/helm/templates/operator-deployment.yaml index 5b26debac..4821d5607 100644 --- a/helm/templates/operator-deployment.yaml +++ b/helm/templates/operator-deployment.yaml @@ -1,4 +1,3 @@ -# Generated by [Kustohelmize](https://github.com/yeahdongcn/kustohelmize) apiVersion: apps/v1 kind: Deployment metadata: diff --git a/helm/templates/rbac.yaml b/helm/templates/rbac.yaml index 0cc85f48b..d65c917ea 100644 --- a/helm/templates/rbac.yaml +++ b/helm/templates/rbac.yaml @@ -1,4 +1,3 @@ -# Generated by [Kustohelmize](https://github.com/yeahdongcn/kustohelmize) apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: @@ -16,7 +15,6 @@ subjects: namespace: {{ .Values.operatorNamespace }} --- -# Generated by [Kustohelmize](https://github.com/yeahdongcn/kustohelmize) apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: @@ -208,7 +206,6 @@ rules: - watch --- -# Generated by [Kustohelmize](https://github.com/yeahdongcn/kustohelmize) apiVersion: v1 kind: ServiceAccount metadata: diff --git a/helm/values.yaml b/helm/values.yaml index 13e0c451d..db20ad43c 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -1,17 +1,10 @@ -# Generated by [Kustohelmize](https://github.com/yeahdongcn/kustohelmize) -affinity: {} imagePullPrefix: icr.io imagePullSecret: ibm-entitlement-key imageRegistryNamespaceOperand: cpopen/cpfs imageRegistryNamespaceOperator: cpopen -nodeSelector: {} operatorImage: ibm-common-service-operator operatorNamespace: operator-ns -podSecurityContext: {} -resources: {} -securityContext: {} tag: latest -tolerations: {} commonservicesOperatorIbmComCrd: {} ibmCommonServiceOperatorCr: {} diff --git a/scripts/restructure_helm.sh b/scripts/restructure_helm.sh index bbd456487..541228ac8 100755 --- a/scripts/restructure_helm.sh +++ b/scripts/restructure_helm.sh @@ -50,6 +50,8 @@ merge_yaml() { echo -e "\n---" >> $output_file cat $HELM_SRC_DIR/templates/ibm-common-service-operator-sa.yaml >> $output_file fi + + sed -i '/^# Generated by \[Kustohelmize\]/d' $output_file } # ----------------- Namespace-scoped resources ----------------- @@ -68,6 +70,7 @@ cp $HELM_SRC_DIR/crds/* $CLUSTER_SCOPED_DIR/templates/crds.yaml # Todo: rest of resources # Copy Helm values, Chart.yaml and helper.tpl +sed -i '/^# Generated by \[Kustohelmize\]/d' $HELM_SRC_DIR/values.yaml for dir in $HELM_DIR $CLUSTER_SCOPED_DIR; do cp $HELM_SRC_DIR/{values.yaml,Chart.yaml} "$dir/"; done for dir in $HELM_DIR $CLUSTER_SCOPED_DIR; do cp $HELM_SRC_DIR/templates/_helpers.tpl "$dir/templates/"; done From da38a32430a469f7c5583ab19400b231b221da60 Mon Sep 17 00:00:00 2001 From: YuChen Date: Mon, 3 Feb 2025 11:06:13 -0800 Subject: [PATCH 5/5] correct cluster scope chart name and image pull secret Signed-off-by: YuChen --- config/ibm-common-service-operator.yaml | 4 +++- config/manager/manager.yaml | 4 +++- generate-helm/ibm-common-service-operator.config | 10 +++++++--- helm-cluster-scoped/Chart.yaml | 2 +- helm-cluster-scoped/values.yaml | 5 +++-- helm/templates/operator-deployment.yaml | 6 ++++-- helm/values.yaml | 5 +++-- scripts/restructure_helm.sh | 5 ++++- 8 files changed, 28 insertions(+), 13 deletions(-) diff --git a/config/ibm-common-service-operator.yaml b/config/ibm-common-service-operator.yaml index dde028e55..595acacf0 100644 --- a/config/ibm-common-service-operator.yaml +++ b/config/ibm-common-service-operator.yaml @@ -696,7 +696,7 @@ spec: app.kubernetes.io/instance: ibm-common-service-operator app.kubernetes.io/managed-by: ibm-common-service-operator app.kubernetes.io/name: ibm-common-service-operator - intent: protected + intent: projected name: ibm-common-service-operator productName: IBM_Cloud_Platform_Common_Services spec: @@ -769,6 +769,8 @@ spec: runAsNonRoot: true seccompProfile: type: RuntimeDefault + imagePullSecrets: + - name: ibm-entitlement-key serviceAccountName: ibm-common-service-operator terminationGracePeriodSeconds: 10 --- diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 74321080c..cc4f916e1 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -23,7 +23,7 @@ spec: app.kubernetes.io/managed-by: "ibm-common-service-operator" app.kubernetes.io/name: "ibm-common-service-operator" productName: IBM_Cloud_Platform_Common_Services - intent: protected + intent: projected annotations: productName: "IBM Cloud Platform Common Services" productID: "068a62892a1e4db39641342e592daa25" @@ -99,4 +99,6 @@ spec: privileged: false readOnlyRootFilesystem: true runAsNonRoot: true + imagePullSecrets: + - name: ibm-entitlement-key terminationGracePeriodSeconds: 10 diff --git a/generate-helm/ibm-common-service-operator.config b/generate-helm/ibm-common-service-operator.config index d2e6b5f09..794da89d6 100644 --- a/generate-helm/ibm-common-service-operator.config +++ b/generate-helm/ibm-common-service-operator.config @@ -6,8 +6,9 @@ sharedValues: imageRegistryNamespaceOperand: cpopen/cpfs imageRegistryNamespaceOperator: cpopen operatorImage: ibm-common-service-operator - operatorNamespace: operator-ns - tag: latest + operatorNamespace: operators + servicesNamespace: service + operatorVersion: latest globalConfig: metadata.labels: - strategy: newline @@ -26,6 +27,9 @@ fileConfig: - strategy: inline key: sharedValues.operatorNamespace generate-helm/ibm-common-service-operator-generated/ibm-common-service-operator-deployment.yaml: + spec.template.spec.imagePullSecrets[0].name: + - strategy: inline + key: sharedValues.imagePullSecret spec.template.spec.containers[0].image: - strategy: inline key: sharedValues.imagePullPrefix @@ -34,7 +38,7 @@ fileConfig: - strategy: inline key: sharedValues.operatorImage - strategy: inline - key: sharedValues.tag + key: sharedValues.operatorVersion generate-helm/ibm-common-service-operator-generated/ibm-common-service-operator-rb.yaml: subjects[0].namespace: - strategy: inline diff --git a/helm-cluster-scoped/Chart.yaml b/helm-cluster-scoped/Chart.yaml index cdff13f51..fd0cecb4b 100644 --- a/helm-cluster-scoped/Chart.yaml +++ b/helm-cluster-scoped/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -name: ibm-common-service-operator +name: ibm-common-service-operator-cluster-scoped description: A Helm chart for the IBM Common Service Operator # A chart can be either an 'application' or a 'library' chart. diff --git a/helm-cluster-scoped/values.yaml b/helm-cluster-scoped/values.yaml index db20ad43c..f980dcc68 100644 --- a/helm-cluster-scoped/values.yaml +++ b/helm-cluster-scoped/values.yaml @@ -3,8 +3,9 @@ imagePullSecret: ibm-entitlement-key imageRegistryNamespaceOperand: cpopen/cpfs imageRegistryNamespaceOperator: cpopen operatorImage: ibm-common-service-operator -operatorNamespace: operator-ns -tag: latest +operatorNamespace: operators +operatorVersion: latest +servicesNamespace: service commonservicesOperatorIbmComCrd: {} ibmCommonServiceOperatorCr: {} diff --git a/helm/templates/operator-deployment.yaml b/helm/templates/operator-deployment.yaml index 4821d5607..dbbf270eb 100644 --- a/helm/templates/operator-deployment.yaml +++ b/helm/templates/operator-deployment.yaml @@ -22,7 +22,7 @@ spec: app.kubernetes.io/instance: ibm-common-service-operator app.kubernetes.io/managed-by: ibm-common-service-operator app.kubernetes.io/name: ibm-common-service-operator - intent: protected + intent: projected name: ibm-common-service-operator productName: IBM_Cloud_Platform_Common_Services spec: @@ -39,7 +39,7 @@ spec: - s390x containers: - name: ibm-common-service-operator - image: "{{ .Values.imagePullPrefix }}/{{ .Values.imageRegistryNamespaceOperator }}/{{ .Values.operatorImage }}:{{ .Values.tag }}" + image: "{{ .Values.imagePullPrefix }}/{{ .Values.imageRegistryNamespaceOperator }}/{{ .Values.operatorImage }}:{{ .Values.operatorVersion }}" command: - /manager env: @@ -95,5 +95,7 @@ spec: runAsNonRoot: true seccompProfile: type: RuntimeDefault + imagePullSecrets: + - name: {{ .Values.imagePullSecret }} serviceAccountName: ibm-common-service-operator terminationGracePeriodSeconds: 10 diff --git a/helm/values.yaml b/helm/values.yaml index db20ad43c..f980dcc68 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -3,8 +3,9 @@ imagePullSecret: ibm-entitlement-key imageRegistryNamespaceOperand: cpopen/cpfs imageRegistryNamespaceOperator: cpopen operatorImage: ibm-common-service-operator -operatorNamespace: operator-ns -tag: latest +operatorNamespace: operators +operatorVersion: latest +servicesNamespace: service commonservicesOperatorIbmComCrd: {} ibmCommonServiceOperatorCr: {} diff --git a/scripts/restructure_helm.sh b/scripts/restructure_helm.sh index 541228ac8..b293dd02b 100755 --- a/scripts/restructure_helm.sh +++ b/scripts/restructure_helm.sh @@ -59,7 +59,7 @@ merge_yaml() { # Move and merge namespace-scoped resources merge_yaml "kind: Role" "$HELM_DIR/templates/rbac.yaml" merge_yaml "kind: Deployment" "$HELM_DIR/templates/operator-deployment.yaml" -sed -i 's/{{ .Values.imagePullPrefix }}:{{ .Values.imageRegistryNamespaceOperator }}:{{ .Values.operatorImage }}:{{ .Values.tag }}/{{ .Values.imagePullPrefix }}\/{{ .Values.imageRegistryNamespaceOperator }}\/{{ .Values.operatorImage }}:{{ .Values.tag }}/g' $HELM_DIR/templates/operator-deployment.yaml +sed -i 's/{{ .Values.imagePullPrefix }}:{{ .Values.imageRegistryNamespaceOperator }}:{{ .Values.operatorImage }}:{{ .Values.operatorVersion }}/{{ .Values.imagePullPrefix }}\/{{ .Values.imageRegistryNamespaceOperator }}\/{{ .Values.operatorImage }}:{{ .Values.operatorVersion }}/g' $HELM_DIR/templates/operator-deployment.yaml # ----------------- Cluster-scoped resources ----------------- @@ -70,8 +70,11 @@ cp $HELM_SRC_DIR/crds/* $CLUSTER_SCOPED_DIR/templates/crds.yaml # Todo: rest of resources # Copy Helm values, Chart.yaml and helper.tpl +# Remove generated comments sed -i '/^# Generated by \[Kustohelmize\]/d' $HELM_SRC_DIR/values.yaml for dir in $HELM_DIR $CLUSTER_SCOPED_DIR; do cp $HELM_SRC_DIR/{values.yaml,Chart.yaml} "$dir/"; done +# Rename chart name in cluster-scoped Chart.yaml +sed -i "s/^name: ibm-common-service-operator$/name: ibm-common-service-operator-cluster-scoped/" $CLUSTER_SCOPED_DIR/Chart.yaml for dir in $HELM_DIR $CLUSTER_SCOPED_DIR; do cp $HELM_SRC_DIR/templates/_helpers.tpl "$dir/templates/"; done # Remove generated ibm-common-service-operator and ibm-common-service-operator-generated directories